This topic describes how to configure notifications for event source groups. Notifications are sent when thresholds are not met.
Notifications go hand-in-hand with Thresholds. Before you configure notifications, you should set up Thresholds for an event source group.
Note: If you configure thresholds for an event source group but do not set any notifications, users are not notified when an alarm is triggered. However, all alarms are visible on the Alarms tab.
Before you set up notifications for an event source group, you should review the available notification items:
- Notification Servers: These are the servers that receive notifications from the system. For more details, see the Notification Servers Overview topic in the System Configuration Guide.
- Notification Templates: These are the available templates for each type of notification. For Event Source Management, default templates are supplied for Email (SMTP), SNMP, and Syslog. You can use these templates as supplied, or customize them if necessary. For more details, see the Templates Overview topic in the System Configuration Guide.
- Notification Output: The outputs contain the parameters for the notification type. For example, an email notification type contains the email addresses and subject for the notification. For more details, see the Notification Outputs Overview topic in the System Configuration Guide.
Add Notifications for an event source group
To add notifications for an event source group:
- In the Security Analytics menu, select Administration > Event Sources.
- Select the Monitoring Policies tab.
- In the Event Groups panel, select a group.
Note: You should have already set a threshold for the group. If not, see Set and View the Thresholds for an Alert Policy to set a threshold, and then return to this procedure. Alternatively, if you have automatic alerting turned on, then you do not need to set thresholds for a policy. Automatic alarms generate notifications without the need to set thresholds.
Note: Default ESM (Event Source Monitoring) templates are provided for each type of notification.
Enter values for the Notification, Notification Server, and Template fields.
- For Notification, select from the list, or add a suitable notification type in Notifications, and then select it here.
- For Notification Server, select one from the list, or add a suitable server in Notifications, and then select it here.
- For Template, select an available template, or create a suitable template in Notifications, and then select it here.
Note: If you need to add or edit one of these items, click Notification Settings. A new browser window opens on the Administration > System > Global Notifications page. Use this page to view or update the available Notification items.
Optionally, you can limit the rate of notifications for a policy.
- Select Output Suppression to enable setting a limit.
- Enter a value, in minutes, for the suppression rate. For example, if you enter 30, notifications for this policy are limited to one notification every 30 minutes.
- Click Save.
Here is an example of a monitoring policy that contains a threshold and notification for an event source group.